Privacy Policy

1. Who We Are

TrustGeo ("we", "our", "us") is the developer and publisher of the TrustGeo browser extension, available on the Chrome Web Store. TrustGeo is an independent product designed to assist users of the game GeoGuessr by providing real-time geolocation analysis and AI-assisted geographic insights. Our contact email is contact@auth.specimen.website.

This Privacy Policy governs how TrustGeo collects, uses, stores, and protects personal information in connection with the use of our extension, our website, and any related services (collectively, the "Service"). By installing or using TrustGeo, you acknowledge that you have read, understood, and agree to the practices described in this policy.

2. Scope of This Policy

This Privacy Policy applies to all users of the TrustGeo browser extension and the TrustGeo website. It covers:

• Information collected through the browser extension installed in your Chrome browser.
• Information collected through our website and landing pages.
• Information collected through our payment processor when you subscribe to TrustGeo Pro.
• Communications between you and TrustGeo through email or support channels.

This policy does not apply to third-party websites, services, or applications that may be linked to or referenced within our Service. We encourage you to review the privacy policies of any third-party services you interact with.

3. Information We Collect

We believe in minimal, purposeful data collection. We collect only what is strictly necessary to operate the Service and provide you with a secure and functional experience.

3.1 Account Information

When you create a TrustGeo account, we collect your email address. This is used exclusively for authentication purposes. We use a passwordless system that sends a one-time verification code to your email address each time you log in. We do not collect usernames, passwords, dates of birth, phone numbers, or any other personal identifiers beyond your email address unless you voluntarily provide them in a support request.

3.2 Usage and Quota Data

We record the number of AI analysis requests ("guesses") you have made within the current billing or reset period. This data is strictly necessary to enforce the usage limits associated with your subscription tier (Free or Pro). We also store the date and time of your last quota reset. This data is linked to your account by a unique user ID and is stored in our secure backend database.

3.3 Subscription and Billing Status

We store your current subscription tier (Free or Pro), your subscription start date, and your subscription renewal or expiration date. This information is necessary to determine which features you have access to. Detailed billing and payment information (such as credit card numbers) is handled exclusively by our payment processor, Stripe, and is never stored on our servers.

3.4 Session Tokens

After you authenticate, we issue a session token that is stored locally in your browser's secure storage. This token allows you to remain logged in between sessions without needing to re-authenticate every time. Session tokens are opaque identifiers — they do not contain any personally identifiable information and cannot be decoded to reveal your email address or any other account data. Tokens are automatically invalidated after 30 days of inactivity.

3.5 Extension Interaction Logs (Anonymous)

In order to diagnose technical issues and improve the reliability of TrustGeo, we may log anonymized, non-personal error events from the extension — for example, failed API calls or unexpected parsing errors. These logs do not contain your email address, IP address, game data, or any content from your browser. They are used solely for debugging and quality assurance purposes and are retained for no more than 14 days.

3.6 Communications

If you contact us by email, we retain the content of your message and your email address in order to respond to your inquiry and follow up if necessary. We do not use incoming support communications for marketing purposes.

4. Information We Do NOT Collect

We want to be explicit about what TrustGeo does not collect:

• No passwords or security questions. We use a passwordless email code system entirely.
• No browsing history. TrustGeo only activates on geoguessr.com and does not monitor, record, or transmit any information about other websites you visit.
• No game scores or session recordings. We do not store any data related to your GeoGuessr game results, scores, maps, or strategies.
• No location data from your device. The coordinates extracted by TrustGeo come exclusively from GeoGuessr's game data — we do not access your device's GPS, IP-based location, or any geolocation API of your browser.
• No microphone, camera, or sensor data. TrustGeo does not request or access any hardware sensors on your device.
• No third-party tracking pixels or advertising identifiers. We do not use Facebook Pixel, Google Analytics, or any behavioral advertising technology. We do not build advertising profiles.
• No credit card or payment details. All payment processing is handled directly and exclusively by Stripe. We never see, transmit, or store your card number, CVV, or any raw payment information.
• No data about minors. TrustGeo is not intentionally directed at children under the age of 13.

5. How We Use Your Information

We use the information we collect for the following purposes only:

• Authentication: To verify your identity when you log in to TrustGeo using one-time email codes.
• Service operation: To provide, maintain, and improve the core functionality of TrustGeo, including processing analysis requests and displaying results.
• Quota management: To track and enforce your usage limits according to your subscription tier.
• Billing and subscription: To manage your Pro subscription, process renewals, and apply the correct access level to your account.
• Security: To detect and prevent fraudulent use, unauthorized access, and abuse of the Service.
• Technical support: To investigate and resolve issues you report to us.
• Legal compliance: To comply with applicable laws, legal processes, or enforceable governmental requests.

We do not use your information for advertising, profiling, data brokering, or any purpose not listed above. We do not sell your data to any third party under any circumstances.

6. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR) and equivalent national laws:

• Contract performance (Art. 6(1)(b) GDPR): Processing your email address and subscription status is necessary to provide the TrustGeo Service you have requested.
• Legitimate interests (Art. 6(1)(f) GDPR): Maintaining basic anonymized error logs for service reliability is in our legitimate interest and does not override your rights and freedoms.
• Legal obligation (Art. 6(1)(c) GDPR): We may process data where necessary to comply with a legal obligation, such as responding to a valid court order.

7. Third-Party Services

TrustGeo relies on a small number of carefully selected third-party services. These providers process data only to the extent necessary to deliver the Service:

7.1 Supabase (Authentication & Database)

We use Supabase, a backend-as-a-service platform hosted on Amazon Web Services (AWS), to manage user authentication and store account and usage data. Supabase processes your email address and account metadata on our behalf. Data is stored in secure, encrypted databases. Supabase's privacy policy is available at supabase.com/privacy.

7.2 Stripe (Payments)

Stripe, Inc. processes all payments for TrustGeo Pro subscriptions. When you upgrade to Pro, you interact directly with Stripe's secure checkout. TrustGeo only receives a customer reference ID and subscription status from Stripe — we never receive or store raw payment card data. Stripe is PCI-DSS Level 1 certified. Stripe's privacy policy is available at stripe.com/privacy.

7.3 OpenStreetMap Nominatim (Reverse Geocoding)

To convert raw GPS coordinates into readable address information (street name, city, country), TrustGeo sends coordinate values to the OpenStreetMap Nominatim API. No personally identifiable information is included in these requests. The coordinates sent are GeoGuessr game-world data, not your physical location. Requests are made in compliance with the Nominatim usage policy.

7.4 AI Model Providers

When you request an AI-assisted geographic hint, TrustGeo may send a structured prompt containing location coordinates and geographic context to one of the following AI providers based on your selection: OpenAI (ChatGPT), Anthropic (Claude), Google (Gemini), or DeepSeek. These prompts do not contain your email address, user ID, or any personal identifier. AI provider usage is subject to their respective privacy policies. We recommend reviewing these policies if you have specific concerns about prompt data.

8. Data Storage, Security & Retention

We take the security of your data seriously and implement industry-standard safeguards:

• Encryption at rest: User data stored in our Supabase database is encrypted at rest using AES-256.
• Encryption in transit: All communications between the extension, our servers, and third-party APIs are encrypted using TLS 1.2 or higher.
• Access control: Access to production databases is restricted to authorized personnel only, using role-based access controls and multi-factor authentication.
• Session tokens: Automatically invalidated after 30 days of inactivity.
• Email verification codes: One-time codes expire after 10 minutes and are invalidated immediately upon use.
• Anonymized error logs: Retained for a maximum of 14 days, then automatically purged.
• Account data: Retained for as long as your account remains active. Upon account deletion, all personal data is permanently removed from our systems within 30 days, except where retention is required by law.

While we employ robust security measures, no system is completely immune to security risks. We encourage you to use a secure email account and to report any suspected security vulnerabilities to contact@auth.specimen.website.

9. Cookies & Local Storage

TrustGeo does not use cookies on its website for advertising or tracking purposes. The TrustGeo browser extension uses browser local storage exclusively to persist your session token — this is a technical necessity for maintaining your logged-in state. No third-party tracking cookies are injected by TrustGeo into any page you visit, including geoguessr.com.

Our website may use minimal, anonymized analytics to understand page visit counts. If such tools are used, they will be configured to respect Do Not Track signals and will not collect personally identifiable information.

10. Data Sharing & Disclosure

We do not sell, rent, lease, or trade your personal information to any third party. We may disclose information only in the following limited circumstances:

• Service providers: As described in Section 7, we share data with Supabase and Stripe only to the extent necessary to operate the Service.
• Legal requirements: We may disclose data if required to do so by law, court order, or other governmental or regulatory authority with jurisdiction over us.
• Protection of rights: We may disclose data to protect the rights, property, or safety of TrustGeo, our users, or the public, as permitted by law.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, user data may be transferred as part of that transaction. We will notify you via the registered email address before your data is transferred and becomes subject to a different privacy policy.

11. International Data Transfers

TrustGeo is operated from Canada. Our data infrastructure is hosted by Supabase on AWS servers, which may be located in the United States or other jurisdictions. If you are located in the EEA or United Kingdom, please be aware that your data may be transferred to and processed in countries that may not provide the same level of data protection as your home country.

When such transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent mechanisms, to ensure your data is protected in compliance with applicable data protection law.

12. Children's Privacy

TrustGeo is not directed at or intended for use by children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at contact@auth.specimen.website and we will promptly delete any such data from our systems.

13. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request that we correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): You can request that we delete your personal data, subject to any legal obligations we may have to retain it.
• Right to restriction of processing: You can request that we limit how we use your data in certain circumstances.
• Right to data portability: You can request a copy of your data in a commonly used, machine-readable format.
• Right to object: You can object to our processing of your data where we rely on legitimate interests as the legal basis.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at contact@auth.specimen.website. We will respond to your request within 30 days. If you are in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your national supervisory authority.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email at least 14 days before the changes take effect.

Your continued use of TrustGeo after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this page periodically to stay informed about how we protect your data.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

• Email: contact@auth.specimen.website
• Response time: We aim to respond to all privacy-related inquiries within 5 business days.